This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 33%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Good morning. Box in question is stand-alone Ex2016 CU20. Installed KB5004779 this weekend; aside from temporarily borking all Content Indexes, I'm now getting a certificate-related error on this machine only: "ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 " Even though I'm trying to get into the ECP web, the error is being reported as "Server error in '/owa' Application. I'm not going to install this on my DAG members until I can resolve this cert/owa/ecp issue.
Anyone see this when installing KB5004779? Suggestions appreciated!
SteveInReno
The virtual directory configs are visually comparable to one of our existing, operational DAG members for the ECP and OWA virtual directories...
I did have an expired self-signed Exchange Server Auth cert on this box, in addition to a valid 3rd party public server that was VALID. I've regenerated the self-signed cert on this box but it has as yet had no effect. I have NOT stopped/restarted any services, but I'm about to force an IISRESET.
Turns out the expired self-signed Exchange Server Cert may have been the issue after all... https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
Note on the above referenced article: the sample publishes the new cert to ALL Org Exchange Servers; use with caution if you only want it pushed to a single server.
Thanks for reading!
SteveInReno
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Glad to hear the issue has been resolved!
Thanks for the sharing.
In addition, it is a known issue related to the Exchange Server OAuth certificate which has been documented in this link: Description of the security update for Microsoft Exchange Server 2016: July 13, 2021 (KB5004779)
